Last week, the well-known ride-hailing company Uber Technologies Inc suffered a computer system breach, alerting the public in a tweet saying it was “responding to a cybersecurity incident”.
When a company like Uber falls victim to an attack, I always worry a bit – such apps store a lot of information about me, like where I live, what I like to eat, where I go to work, which restaurants I like to go to, my credit card information and more.
There is no doubt that I trust Uber with a lot of information about myself for the convenience of using their services, and luckily it seems that none of the user-specific data was impacted by the breach, but it does raise my eyebrows.
There are a few takeaways we should learn from the incident, especially considering that in this day and age becoming the target of a cyberattack is inevitable, and what differentiates organisations is the extent of the impact we allow an attacker to have. We define this as being cyber resilient.
Uber suspects the Lapsus$ hacking group to be responsible for the cyber-attack that forced the company to shut down several internal communications temporarily. The group is infamous for having also attacked Cisco and Microsoft, and for its part in the Okta breach earlier this year.
The group typically works through phishing and social engineering aimed at system administrators, and that is exactly what they did this time too, tricking an Uber employee into surrendering their credentials. This breach is the perfect example of a supply chain attack, targeting the consumer side of the chain.
While major corporates such as Uber have invested heavily in cybersecurity, they are still falling victim to such attacks. This is because attackers exploit the weaknesses in a company's security operations, which in most cases means the human factor, largely due to a lack of awareness, negligence, or inappropriate access control.

While employees are an organisation’s strongest asset, companies must understand that they can also be its weakest link, hence the importance of educating the workforce on the risks and dangers of such attacks.
Organisations should take lessons from high-profile breaches seen around the world and spread awareness internally of what happened and why a specific user was targeted, so that everyone understands the privileges they have within the company and how they can recognise a phishing or social engineering attack when it happens.
Empowering their own people with cybersecurity awareness is an area where organisations are lacking these days – especially as social engineering becomes easier as companies grow, because employees will not necessarily know each other. To make matters worse, technologies such as AI deepfake and voice-changing apps are freely available to download online, making it even easier to trick people and execute such attacks.

Another very important element to adopt is Zero Trust – understanding how you can prevent an attack from escalating by carefully thinking about access privileges, knowing where your data is and who has access to it. It is all about identifying, prioritising, and encrypting your critical data to ensure that only the right people or business processes can actually access it. It is also key to compartmentalise your technical assets and establish ‘blast zones’ or ‘fire zones’, ensuring that data cannot get outside a specific perimeter.
Hence, it is fundamental to make sure you architect your entire IT infrastructure and supply chain to keep your core operations functioning securely.
The breach is a clear indication that, in this day and age, even companies that have heavily invested in their cybersecurity are still susceptible to attacks, especially as the ambition, persistence and capability of the attackers have become stronger and more professional. Therefore, simply focusing on prevention is not enough; organisations also need to include solid detection and response strategies to effectively build their cyber-resilience.